While computing bounds, the initial values for xmax and ymax are
intended to be set to -float_max. It turns out that
std::numeric_limits<float>::min() actually returns the smallest
positive value close to zero, which is not what was intended. This
patch fixes the code to use -float_max instead, which is the
intended value.

Call the ChildNodeInsertionNotifier.notify call at the end since
it can destroy |this| and some of the local pointers like |last|.
This also matches the order of calls - childrenChanged precedes
ChildNodeInsertionNotifier.notify in updateTreeAfterInsertion and
ContainerNode::parserInsertBefore.

Also remove a FIXME since we use ChildNodeInsertionNotifier.notify
instead of ChildNodeInsertionNotifier.notifyInsertedIntoDocument
(as recommended in the FIXME).

For now this only supports the case where we know a touch screen is
available (currently known only for the chromium port on certain
platforms). All other cases continue to behave exactly as if the media
feature isn't supported.

We shouldn't have to wait for the opportunistic GC timer to fire in order
to call object destructors. Instead, we should incrementally sweep some
subset of the blocks requiring sweeping periodically. We tie this sweeping
to a timer rather than to collections because we want to reclaim this memory
even if we stop allocating. This way, our memory usage scales smoothly with
actual use, regardless of whether we've recently done an opportunistic GC or not.

(JSC::Heap::Heap):
(JSC::Heap::collect): We no longer sweep during a full sweep. We only shrink now,
which we will switch over to being done during incremental sweeping too as soon as
all finalizers can be run lazily (and, by extension, incrementally).
(JSC::Heap::sweeper):
(JSC):

heap/Heap.h:

(JSC):
(Heap):

heap/IncrementalSweeper.cpp: Added.

(JSC):
(JSC::IncrementalSweeper::timerDidFire): The IncrementalSweeper works very similarly to
GCActivityCallback. It is tied to a run-loop based timer that fires periodically based
on how long the previous sweep increment took to run. The IncrementalSweeper doesn't do
anything if the platform doesn't support CoreFoundation.
(JSC::IncrementalSweeper::IncrementalSweeper):
(JSC::IncrementalSweeper::~IncrementalSweeper):
(JSC::IncrementalSweeper::create):
(JSC::IncrementalSweeper::scheduleTimer):
(JSC::IncrementalSweeper::cancelTimer):
(JSC::IncrementalSweeper::doSweep): Iterates over the snapshot of the MarkedSpace taken
during the last collection, checking to see which blocks need sweeping. If it successfully
gets to the end of the blocks that need sweeping then it cancels the timer.
(JSC::IncrementalSweeper::startSweeping): We take a snapshot of the Heap and store it in
a Vector that the incremental sweep will iterate over. We also reset our index into this Vector.

heap/IncrementalSweeper.h: Added.

(JSC):
(IncrementalSweeper):

heap/MarkedBlock.h:

(JSC::MarkedBlock::needsSweeping): If a block is in the Marked state it needs sweeping
to be usable and to run any destructors that need to be run.

Fix a test and an expectation for composed-shadow-tree-walker.html.
A current composed-shadow-tree-walker.html uses class selector
(.class). That's not the test author's intention and the expected
text was wrongly generated based on wrong tests.

r115516 splitted JSString into two classes, with addition nested classes.
Add a workaround for the WinCE compiler since it can't resolve the friend class
declerations corretly and denies the access to protected members of JSString.

(WebCore):
(WebCore::WebGLRenderingContext::getParameter): set DEPTH_BITS/STENCIL_BITS to 0 if related channels are not requested.
(WebCore::WebGLRenderingContext::readPixels): don't do the alpha value fix if the current bound is not the internal drawing buffer.

Chromium was never actually using AccessibilityObjectWrapper, so
this change deletes it. Instead, it's replaced with a simple bool
that keeps track of whether an AccessibilityObject was detached or
not. WebKit/chromium/public/WebAccessibilityObject can then use this
to determine if an object is still valid.

The original rotation code for WebCore::TransformationMatrix was
using indirect trig identities to compute basic rotation
matrices. As far as I can imagine, this is unnecessary, and brief
informal experiments showed that we can gain a few extra bits of
precision by avoiding that indirection.

Indeed, precision improved such that it revealed a mistake on one
of the unit tests, where the test was actually degenerate so that
the layer was aligned with a viewport boundary. When it was
imprecise, it didnt appear to be aligned. Putting an additional
translation on that test fixes it so it is no longer a degenerate
test.

This patch also revealed a few chinks in the unit testing armor of
this code, an error that should have been caught in unit tests was
luckily caught by SVG layout tests. This chink is fixed by adding
2 extra unit tests.

Patch by Joe Mason <​jmason@rim.com> on 2012-05-30
Reviewed by George Staikos.

RIM PR #158892:

When we start a redirect, we now call cancelJob instead of just deleting it immediately to make sure
that all cleanup is performed. However, we also reassign the ResourceHandle to the new job, and
since cancelJob is asynchronous it is now assigned to two jobs simultaneously.

Work around this by only returning handles that have not been cancelled from findJobForHandle.
Cancelled jobs still technically exist in the jobs list, but they're invisible to callers. This is
safe because there is literally nothing that can be done with a cancelled job - it is supposed to
merely consume any notifications that are already in progress and then kill itself off - so no
callers of findJobForHandle are expecting a cancelled job. (All existing callers call methods on the
returned job which are no-ops for cancelled jobs, so there is no behaviour change.)

No new tests because there is no behaviour change (fixes a regression).

The objective is to pass Isolate to v8::True() and v8::False().
Similarly to v8NullWithCheck() (bug 87713), this patch implements
V8Binding::v8BooleanWithCheck(isolate), which calls v8::True()/v8::False()
or v8::True(isolate)/v8::False(isolate) depending on whether the
passed isolate is null or not.

To avoid implementing all of v8TrueWithCheck(isolate), v8FalseWithCheck(isolate)
and v8BooleanWithCheck(isolate), we can first replace v8::True() and v8::False()
with v8Boolean(). Then we can just implement v8BooleanWithCheck(isolate).

The objective is to pass Isolate around in V8 bindings.
For non-custom bindings, we replace v8::Null() with v8::Null(isolate)
where isolate cannot be 0, and replace v8::Null() with v8NullWithCheck(isolate)
where isolate can be 0.

The objective is to pass Isolate around in V8 bindings.
This patch replaces v8::Null() with v8::Null(isolate) in custom bindings
where isolate shouldn't be 0. 'where isolate shouldn't be 0' is the place
where isolate is retrieved directly from AccessorInfo and Arguments.

Add copyFromFramebuffer function to copy a texture from an FBO
onto the GraphicsSurface.
Add getTextureID function to export the texture ID.
This allows binding/blitting the texture directly on the GPU.

There appears to be a bug where the chromium bots are creating
temporary directories and not cleaning them up that started
after the switch to WebKitDriver. It's possible that del
wasn't getting called in a timely manner (or at all), and it's
generally bad style to rely on del being called, so this
code changes things so that we create a temp dir in
driver.start() and remove it in driver.stop(). We could be
paranoid and leave the del code in, but there doesn't seem
to be much advantage to it. If there are bugs that result in
drivers being started but not stopped, we have other problems.

When computing the logical left and right offsets for a float we
incorrectly floored the logical top when passing it to the float search
adapter. This caused it to return incorrect values where the floored and
pixel snapped values are not the same.

Add EWKPrivate method to retrieve the internal WebCore object for a Ewk_Intent.
Add helper function to DumpRenderTreeSupportEfl that returns the MessagePorts
for a Ewk_Intent object so that the DRT can print information about them.

WebCoreSupport/DumpRenderTreeSupportEfl.cpp:

(DumpRenderTreeSupportEfl::intentMessagePorts):

WebCoreSupport/DumpRenderTreeSupportEfl.h:

(WebCore):

ewk/ewk_intent.cpp:

(EWKPrivate):
(EWKPrivate::coreIntent):

ewk/ewk_intent_private.h:

(EWKPrivate):

Tools:

Print the number of MessagePorts for each new intent in EFL's DRT.
This output is expected by several Web Intents test cases.

DumpRenderTree/efl/DumpRenderTreeChrome.cpp:

(DumpRenderTreeChrome::onFrameIntentNew):

LayoutTests:

Unskip the test case which requires the DumpRenderTree to print out
the number of MessagePorts for each new intent.

Change WebCore::getBorderPaddingMargin and the helper function
getBPMWidth to return a LayoutUnit rather than an int as the padding and
margin values have subpixel precision. This fixes an issue where we would
incorrectly wrap inline blocks with a subpixel padding or margin.

Ewk_Intent_Request's postResult/postFailure methods now take
SerializedScriptValues in argument instead of strings. The client can
now post results of any type, not just strings, which is according to
spec. Those methods are now moved to private header and a helper
function was added to DumpRenderTreeSupportEfl so that the DRT can
still send intent results.

WebCoreSupport/DumpRenderTreeSupportEfl.cpp:

(DumpRenderTreeSupportEfl::sendWebIntentResponse):

WebCoreSupport/DumpRenderTreeSupportEfl.h:

ewk/ewk_intent_private.h:

(WebCore):

ewk/ewk_intent_request.cpp:

(ewk_intent_request_result_post):
(ewk_intent_request_failure_post):

ewk/ewk_intent_request.h:

Tools:

EFL's LayoutTestController now makes uses of the new helper method in
DumpRenderTreeSupportEfl in order to send the intent response. This is
now needed because the Ewk_Intent_Request postResult / postFailure
methods were made private.

Renamed offsetTopLeft in RenderBoxModelObject to
adjustedPositionRelativeToOffsetParent, because it returns the given
startPoint after adjusting it to be relative to the top-left corner of
the offsetParent. The definition of offsetParent itself is non-trivial
and is documented within the body of RenderObject::offsetParent,
therefore I decided to reuse this term, as-is, in the name of this
function.

Previously, layers that both had a transform and were fixed position
were not considered as being fixed position in RenderGeometryMap or in
RenderBox::mapLocalToContainer (although this case is not incorrect in
the case of painting, so an external caller likely adjusts for this).

Tests: compositing/layer-creation/fixed-position-and-transform.html

compositing/layer-creation/fixed-position-under-transform.html

rendering/RenderBox.cpp:

(WebCore::RenderBox::mapLocalToContainer):

rendering/RenderGeometryMap.cpp:

(WebCore::RenderGeometryMap::mapToAbsolute):

LayoutTests:

Add a test for a layer with both fixed position and a transform to
verify that this is considered as fixed position with respect to the
root.

Also, add a test with a child layer with fixed position and a parent
with a transform to verify that the child is not considered as fixed
position with respect to the root.

The algorithm is: we calculate the common tree scope of node A and B, and
adjust the nodes to the treeScope, then compare them. If the adjusted nodes
are the same, we check the shadow descendent of each node.

Instead of relying on 'arguments' we rely on 'this'. 'this' cannot be intercepted by a
with-statement so it is safe to use that to bind the context objects. This allows us to
remove one layer of function indirection in the generated code.

DeferrableOneShotTimer is a timer which takes a class and method to call (as Timer does),
and a delay. It exposes restart(), stop(), and isActive(), and none of the rest of
the TimerBase interface. On restart(), the timer is started with the given delay,
unless it's already running, in which case a flag is set to automatically restart
the timer when it fires instead of calling the given method. This provides a
low-overhead way to implement a deferrable timer.

The test result files below contain slightly improved metrics (usually by a single
pixel) and some other very minor (visually undetectable) pixel changes. To be honest,
I'm not sure what caused all these changes, since a lot of mathml tests have been
skipped or failing for a while. The small metric improvements were not caused by changes
in mathml code - perhaps LayoutUnit rounding or other 1-pixel corrections in logical
width code? At any rate, I'd like to rebaseline these tests, and unskip them and other
mathml tests.

The reason was that DumpRenderTreeChrome::extraViews() returned copy of the vector
and dumpBackForwardListForWebViews() used iterators belonging actually to different vectors
(browser->extraViews().begin() and browser->extraViews().end()) as if they had belonged to the same vector.

This change modifies the default ImageDecoder for Qt-port from QImageDecoder to WebCore ImageDecoder.
The new behavior is to use QImageDecoder only if WebCoreImageDecoder - and the platform - doesn't support
the requested image type.
The WTF_USE_QT_IMAGE_DECODER macro has been removed, since it is no longer needed.

This change adds build depedency (except Qt-MAC and Qt-WIN platform) for libpng-dev and libjpeg-dev packages,
because PNG and JPEG imagedecoders need not only these libraries, but their headers also. Qmake-config
tests for these libraries were introduced in r110045.

Notice: with using libjpeg-turbo as a system library I measured 10% performance improvement on Methanol benchmark
(collection of popular sites, page-loading benchmark) with this patch.

r117432 has introduced a new File constructor which allows the caller
to pass in a snapshot file metadata. In the change we had considered the
given metadata is valid if "metadata.length >= 0 AND metadata.lastModifiedDate != 0",
but we should drop the latter condition (lastModifiedDate != 0) because

the value 0 is used to indicate the time information is unavailable in File, and

(Note: the current js/v8 binding returns Date(0) for the time value 0,
which is still valid as epoch time but would fail to indicate the
unavailability of the information. In this patch I added FIXME in
File.idl and filed a separate issue ​http://webkit.org/b/87709)

No new tests as this change does not affect regular files/filesystems behavior.
(Tests in Chrome OS port should be able to verify this)

Now I am optimizing querySelector() (bug 87625).
This patch adds a performance test for querySelector().
query-selector-first.html queries an element that appears
at the head of the document. On the other hand,
query-selector-last.html queries an element that appears
at the tail of the document.

Spec: ​http://www.w3.org/TR/FileAPI/#dfn-result
If the readyState is EMPTY (no read method has been called) or an error
in reading the File or Blob has occurred (using any read method), then the
result attribute MUST return null.

Currently, Firefox11, Opera and IE 10 follows the spec, but Webkit based
browser doesn't.
WebKit should change the returned value empty string into null to keep
conformance with the spec.

Spec: ​http://www.w3.org/TR/FileAPI/#dfn-result
If the readyState is EMPTY (no read method has been called) or an error in
reading the File or Blob has occurred (using any read method), then the result
attribute MUST return null.

Work around a not-entirely understood delay when using the results of a CGWindowListCreateImage()
call as the contents of a placeholder view. The backing of the resulting CGImageRef resides on
the WindowServer, and drawing that image requires synchronous calls to the WindowServer process.
By copying the image data, up front, into our own process, we can avoid those synchronous calls
later and avoid the delay-causing drawing behavior.

UIProcess/mac/WKFullScreenWindowController.mm:

(CGImageDeepCopy): Added a helper function which copies the image data into a new CGImage.
(-[WKFullScreenWindowController enterFullScreen:]): Use the above.

This bug fix in WebKit/blackberry is needed by the changes for
fullscreen media control sizing in WebCore (bug 87551). The sizing
of controls depends on the page's deviceScaleFactor(), which was
not being maintained properly due to errors in logic. Viewport
changes from non-default to default were being erroneously
thrown out. Also, when the viewport did change back to default
the deviceScaleFactor was not being updated.

r118736 changed CSSGrammar.y so that it works fine with no style sheet.r118736 removed a dummy style sheet from CSSParser::parserSelector().
Now we can safely remove a dummy style sheet from parserFlowThread().

This patch added checking of "option" element for CSS pseudo class :enabled as same as
:disabled to selector checker. Before r111497, it was done by using isFormControlElement.
After that revision, HTMLOptionElement was no longer derived from HTMLFormControlElement.

Test: fast/form/select/optgroup-rendering.html

css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOneSelector): Checking element is option element as same
as PseudoDisabled in PseudoEnabled case.

Introduces a ComposedShadowTreeParentWalker, which is only used
for traversing a parent node (including shadow roots and insertion
points) and get rid of an equivalent function from
ComposedShadowTreeWalker.

Before this patch, there is an inconsistency inside of
ComposedShadowTreeWalker. The Walker uses 'Policy' to decide
whether it should visit shadow roots or not, but
parentIncludingInsertionPointAndShadowRoot() member function
ignores the policy. We can not add an assertion in its
constructor due to this inconsistency. To resolve it, we could
add yet another special policy, but that makes the implementation
complex and may add some overhead in runtime. So separate the
functionality into another class as ComposedShadowTreeParentWalker.

Added a manual test case which needs user to provide a HTTP server
with HTTP authentication support when loading the specified media
resource. The test case will test if the media resource is successfully
loaded.

ManualTests/blackberry/video-load-with-authentication.html: Added.

Source/WebCore:

RIM PR: 117618
Implemented http authentication feature for media by implementing
two interface functions in class MediaPlayerPrivate:
onAuthenticationNeeded(): this function is triggered when MMR
engine requires http authentication. We search the CredentialStorage
to see if we have already stored existing credential information,
or challenge user to provide it.
OnAuthenticationAccepted(): this function is triggered when MMR
engine accepts the credential information, and we need to save
it in CredentialStorage for later use.

Originally, it was interleaved across attach() of several classes like
InsertionPoint and ShadowRoot. Its invalidation was also mixed as a part of
the style recalculation and detach()-es.

This change extracts these bits of code to a set of ContentDistributor methods, which are
facaded by two ElementShadow API. Following two API are the primary entry points:

ElementShadow::ensureDistribution()

ElementShadow::invalidateDistribution()

The actual implementations are ContentDistributor::distribute() and
ContentDistributor::invalidate() respectively.

When clients need to traverse composed tree, before attach() for
example, they should call ensureDistribution() to make sure that
the traversal data structure ("the distribution") is ready. When
there is any DOM mutation which can result a composed tree
mutation, then clients should call invalidateDistribution() to
mark the distribution being dated.

Here are such DOM mutations:

The children of any ShadowRoots are changed,

The children of any InsertionPoints are changed,

The children of any host elements are changed,

Any insertion point is inserted to or removed from the shadow tree,

@select attribute of <content> is modified and

New ShadowRoot is added to the shadow tree.

Note that the validity of the distribution is tracked and
unnecessary distribution requests are ignored.

After the invalidation, that shadow subtrees are detached once and
request their re-attachment through the style recalculation.
Then, on the responding style recalculation and attach(), new
distribution will be computed.

Darin provided some style suggesting on ​https://bugs.webkit.org/show_bug.cgi?id=87462 after it landed.
This patch incorporates those suggestions, namely using 0 instead of empty string for UnknownTransformOperation
and WTF_ARRAY_LENGTH instead of hard coding the array length.

In the process of moving the seamless feature out of github and into bugs.webkit.org
multiple versions of the shouldDisplaySeamlessly function got written
(and moved from HTMLIFrameElement to Document), but only one of them was wrapped
in ENABLE_IFRAME_SEAMLESS. HTMLIFrameElement was checking mayDisplaySeamlessly
directly (as was my original design), which got around the ENABLE_IFRAME_SEAMLESS check.
I've fixed this oversight, and the feature is now off when we tell it to be off.

This is covered by many existing tests. I've verified locally that
all tests fail when ENABLE_IFRAME_SEAMLESS is disabled instead of
only some of them.

Make ScriptController::eventHandlerPosition() behave the same way on
JSC than V8. This means that TextPosition::minimumPosition() is
returned if parser is null, instead of
TextPosition::belowRangePosition(). The line numbers are now correctly
printed in the output of Content Security Policy tests.

Blind attempt to improve flakiness on the bots by reducing the number
of crashes due to an unresponsive process. This helped on my personal machine
under stress conditions. I don't have enough cores to hit the problem
under normal conditions.

Add move constructors and move assignment operators to String and AtomicString when building with
compilers that support rvalue references. This gets rid of ref-churn when the source of the
constructor or assignment is a temporary object.

Changes the way we do flushing for captured variables and arguments. Instead of flushing
each SetLocal immediately, we flush at kill points. So a SetLocal will cause a Flush of
whatever was live in the variable previously, and a return will cause a Flush of all
captured variables and all arguments.

Chrome was crashing in the new Prerender API on Google Web Search; this was because the DOM would stop(), setting the
state of the Prerenders in the document to Inactive, but an asyncronous GC would later come come along and trigger the
removedFromDocument behaviour on each element, including the <link> element launching the prerender. This causes an
assertion failure.

I believe the late-deletion of the DOM, and the HTMLElement::removedFromDocument calls are legal, and it was the
overzealous assertions in Prerender that were inappropriate.

Reviewed by Adam Barth.

No new automated tests, working on a Chromium browser test. Manually test by entering many prerender and non-prerendered
queries into Google Web Search.

Removes ENABLE(OVERFLOW_SCROLLING) from the set of enables set by Chromium. This guards a new non-standard
CSS property, -webkit-overflow-scrolling, that was introduced by iOS5 intended for mobile browsers. This
property is very partially implemented in Chromium but the way it's implemented does cause new stacking contexts
to be created that otherwise would not be, breaking "desktop" pages.

This turns the feature off until we can figure out how to deal with the compatibility issues.

features.gypi:

LayoutTests:

Mark test depending on ENABLE(OVERFLOW_SCROLLING) as an expected failure since the define is off.

[New Multicolumn] Refactor the region and flow thread code so that it can pick up the correct column widths
and heights when determining the logical width and height of the flow thread itself.

This patch adds new virtual methods to RenderRegion: logicalWidthForFlowThreadContent and logicalHeightForFlowThreadContent.
For normal regions, these methods return the contentWidth and contentHeight of the regions themselves. For column sets,
however, these methods actually return the column widths and heights.

This allows the flow thread to properly lay out according to the column width.

Region invalidation is also done properly by using these new methods.

In some cases the code is actually simplified, since we can get rid of some isHorizontalWritingMode() switching.

With this patch the flow thread now actually lays out and paints at the right width (spilling out of the region set in a single unbroken
column).

This modifies garden-o-matic so that we will fetch all
of the baselines in parallel from the bots, and then
optimize the baselines serially (since that should be fairly
quick and we get into trouble if we optimize in parallel due
to concurrent access to the source control system).

This change adds a flag to webkit-patch rebaseline-test (--print-scm-changes)
so that the files that need to be modified in the SCM are returned to
garden-o-matic rather than actually added or removed. This is done so that
we can run multiple rebaseline-tests in parallel (we can't modify the SCM
concurrently). In order to safely return the files (as a JSON dict) I
needed to shift all of the logging in rebaseline-test to use the logging
module (and hence log to stderr).

I also had to stub out a line in chromium.py that would get confused if
the skia overrides file didn't exist in a mock checkout.

No new tests. Existing tests have been updated to use the new
exception constant values.

The IDB spec has evolved to DOM4-style DOMExceptions, which are
referred to with MixedCase, string-based style names for
exceptions rather than UNDERSCORE_CONSTANT_ERR codes. Change to
use MixedCase error/exception names, and tease out the
IDB-specific exception/error codes/names from the system-level
codes. Make sure that the legacy IDB-masked exception code values
match the DOM exception values. Make sure that
IDBDatabaseException[exception.name] still works.

The change in r111742 completely ignored border-sizing (following the table's code lead unfortunately).
The issue is that we would count the borders and paddings twice for the border-box case which would lead
to the content-box including them too. From a web-author, this behavior is equivalent to ignoring box-sizing.

rendering/FixedTableLayout.cpp:

(WebCore::FixedTableLayout::calcWidthArray):
Reworked the function to properly use computeBorderBoxLogicalWidth() for correctness. This matches
what RenderBox and the rendering code does generally. Also refactored the code to avoid the need
for local variables and make it more readable.

Source/WebCore:
The bug was caused by our passing insertionPos.anchorNode() to splitTreeToNode's start node even when
the position's type was an offset in a container. Fixed the bug by passing the node after the insert position
or the container node if the position is at the end of the container.

It's possible that if we don't have anything at the head of to-space
after a collection and the BlockAllocator doesn't have any fresh blocks
to give us right now we could start another collection while still in
the middle of the first collection when we call CopiedSpace::addNewBlock().

One way to resolve this would be to have Heap::shouldCollect() check that
m_operationInProgress is NoOperation. This would prevent the path in
getFreshBlock() that starts the collection if we're already in the middle of one.

I could not come up with a test case to reproduce this crash on ToT.

heap/Heap.h:

(JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
of a collection, i.e. the current operation should be NoOperation.

Make immutable StylePropertySet objects variable-sized and allocate exactly
the space needed to hold the CSSProperty objects passed at construction.
This lets us avoid the memory overhead of Vector<CSSProperty, 4>.

Renamed StylePropertySet::adopt* to create and createImmutable since they no
longer adopt the incoming vector. More cleanup will follow in this area.

This reduces memory usage across the board - the more CSS declarations,
the bigger the benefit. As an example, we save around ~0.5MB on wsj.com.

Pull the initial page logical height checking for columns into its own separate function. This
will allow the derived RenderMultiColumnBlock class to do its own setup there. It also has the
effect of cleaning up layoutBlock even for the existing code.

When a contributing surface is visited, and we have not visited another
surface, then we know the surface is completely unoccluded. However, the
root scissor rect should still be applied, and anything outside of it
should be considered occluded.

Because we use authentication callback mechanism of libcurl,
which will take care of all the authentication communication
between UA and server, so the only thing we need to do is to
provide credential information when authentication callback
is triggered. By using this we don't need to process
intermediate headers for each http authentication scheme.

Implemented interface function notifyAuthReceived() in
NetworkJob to handle the authentication notification from
networking thread.
When the authentication callback is triggered, we should
cancel the current loading request and restart a new one with
credential information attached which comes from
credentialStorage or user input.

We should try to store the credential information as soon as we
receive http status notification which indicates that the
authentication succeeds, instead of storing credentials when the
main resource receives notify done which is too late for loading
subresource.

And use it in the default handler of WebKitWebView::decide-policy
signal to decide whether to use or ignore a response policy
decision depending on whether the mime type of the response can be
displayed in the WebView or not.

(webkitWebViewDecidePolicy): In case of response policy decisions,
use the URI response to decide what to do: download if the
response is an attachment, use if the mime type is supported by
the web view or ignore otherwise.
(webkit_web_view_can_show_mime_type): Returns whether the given
mime type can be displayed in the WebView or not.

This patch adds HTMLOptGroupElement::disabled and isEnabledFormControl
methods which was implemented in HTMLFormControlElement at r109729 and
updates CSS pseudo class checker to check "optgroup" element.

We now base64-encode the page url in the image-provider url, so that any
normalization done by QUrl will not mess up the page-url. The logic of
creating and parsing the provider-url has been moved into the image
provider, to keep it in one place.

We were also releasing icons (even ones we hadn't retained), which we can't
do since we don't know when the icon url is no longer in use.

Add a flag to StylePropertySet that determines whether it's mutable or not. Only objects
constructed from the CSS parser (by way of StylePropertySet::adopt()) are made immutable.
This is clean-up and prep work for implementing a more efficient storage scheme for immutable
StylePropertySets (fixed-size array instead of vector) as the vast majority of them are
unlikely to ever mutate during their lifetime.

Sprinkled ASSERT(isMutable()) all over StylePropertySet to catch any attempts to modify
an immutable object.

Also made properties() const on StyleRule and friends, which brought some additional code
churn along with it.

Create a new experimental property to list URLs of JS scripts that should be
loaded when a page is loaded. These scripts will run in the normal JS environment
of the page.

The supported URL schemes are ​file:/// and qrc:///. The scripts are read from the
UI process and transfered to the Web process.

Together with the experimental messaging API this provides a way for the
application to manipulate the DOM (by injecting a script that does the
manipulation and communicating with it via postMessage). This covers some of the
use cases of QWebElement in our WK1 API.

Create a new experimental property to list URLs of JS scripts that should be
loaded when a page is loaded. These scripts will run in the normal JS environment
of the page.

The supported URL schemes are ​file:/// and qrc:///. The scripts are read from the
UI process and transfered to the Web process.

Together with the experimental messaging API this provides a way for the
application to manipulate the DOM (by injecting a script that does the
manipulation and communicating with it via postMessage). This covers some of the
use cases of QWebElement in our WK1 API.

This new API makes it possible to leverage the BlackBerry accelerated
compositing implementation to draw, transform and fluidly animate
overlays in the embedding library or application.

A WebOverlay has an affinity for the thread where it was created. If
the current thread is the WebKit thread, use WebPage::addOverlay() to
add it to the page, and manipulate it only from the WebKit thread, with
exception of the "override" functionality which can be used from the
compositing thread. If the current thread is the compositing thread,
use WebPage::addCompositingThreadOverlay() to add it to the page, and
only manipulate it on the compositing thread.

A WebOverlay can be painted using Skia, or its contents can be set to
an image or a solid color.

To avoid parsing CSS selectors every time, I am planning to cache
SelectorQuery objects into a HashMap, which will be defined in
Node::querySelector(). To make the size of SelectorQuery small,
this patch removes m_rootNode and m_selectorChecker from SelectorQuery.h.

HeapSnapshotReceiver interface was introduced.
It declares the API for HeapSnapshotLoader, HeapSnapshotLoaderProxy and HeapSnapshotSaveToFileReceiver.
The HeapProfileHeader was refactored and tests were added.

This test was already failing for IMAGE and TEXT reasons prior to r118566.
On r118566, new images were added, probably without an embedded checksum.
It looks like our test infrastructure thinks that these images are MISSING.
Temporarily add MISSING expectations, so that we can proceed with this (failing) test.

This change uses WebSpellCheckClient::spellcheck as a fallback method to
retrieve suggestions when a marker does not have any suggestions. (It consumes
lots of CPU power to get suggestions for misspelled word, i.e. Chromium cannot
afford to attach suggestions to all spelling markers.)

src/ContextMenuClientImpl.cpp:

(WebKit::ContextMenuClientImpl::getCustomMenuFromDefaultItems): Retrieve suggestions if markers do not have any.

This patch removes a dummy style sheet. Previously the dummy style sheet
was needed to avoid null checks of m_styleSheet in CSSGrammer.y.
This patch fixes CSSGrammer.y so that it works fine with a null m_styleSheet.

Finish SVGViewSpec implementation and expose it to the Web. Numerous smaller bugs are fixed:

SVGViewSpec and all of its contents should be read-only. Enforce that and test it.
Add a new enum to SVGPropertyInfo so that each SVGAnimatedProperty knows if its content is supposed to be read-write or read-only.

Make the 'transform' attribute of SVGViewSpec exposable by switching to a SVGTransformListProperty - it can now be accessed from JS.

Assure that following XXXString methods are in sync with the corresponding SVG DOM interfaces

Stop to hold pointers of fildset and legend elements. We can avoid it by
holding ancestor's disabled state.

The ancesotr's disabled state should be invalidated when

fieldset's disabled value is changed.

fieldset's children is updated because a legend position might be changed.

A form control is attached to or detached from a tree.

No new tests. It's almost impossible to make a reliable test.

html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::invalidateDisabledStateUnder):
Added. Invalidate disabled state of form controls under the specified node.
(WebCore::HTMLFieldSetElement::disabledAttributeChanged):
Uses invalidateDisabledStateUnder().
(WebCore::HTMLFieldSetElement::childrenChanged):
Added new override function. We need invalidate disabled state of form
controls under legend elements.

(WebCore::HTMLFormControlElement::HTMLFormControlElement):
Remove initialization of the removed data members.
Initialize m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::updateAncestorDisabledState):
Update m_ancestorDisabledState. It should be
AncestorDisabledStateDisabled if the control is under a disabled
fieldset and not under the first legend child of the disabled filedset.
(WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
Invalidate m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::insertedInto): ditto.
(WebCore::HTMLFormControlElement::removedFrom): ditto.
(WebCore::HTMLFormControlElement::disabled):
Calls updateAncestorDisabledState() if needed.
(WebCore::HTMLFormControlElement::recalcWillValidate):
Remove unnecessary check for m_legendAncestor.

html/HTMLFormControlElement.h:

(HTMLFormControlElement):

Rename updateFieldSetAndLegendAncestor() to updateAncestorDisabledState(), and make it private.

Status codes 1005, 1006, and 1015 are forbidden to be sent in actual close frames.
If a client received these frames, the client should handle them as broken.
Close frames containing invalid body size are the same as these forbidden cases.
Update close-code-and-reason tests to verify this patch.

However, currently we cannot do the replacement mechanically, since some code
pass NULL to a non-optional 'isolate' parameter. In other words, currently
"non-optional" does not guarantee that 'isolate' is not NULL.

This patch removes all the code that passes NULL to a non-optional 'isolate'
parameter. This will enable us to achieve the replacement mechanically.

We need to use disabeld() instead of m_disabled to calculate
willValidate property. Also, we need to update willValidate if
necessary.

Test: fast/forms/fieldset/validation-in-fieldset.html

html/HTMLFieldSetElement.cpp:

(WebCore::HTMLFieldSetElement::disabledAttributeChanged):

Do not traverse this.

Calls ancestorDisabledStateWasChanged() instead of
setNeedsStyleRecalc() because we'd like to do additional tasks.

html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
Added. Just calls disabledAttributeChanged().
(WebCore::HTMLFormControlElement::parseAttribute):
Do not call setNeedsWillValidateCheck() whenever an attribute is updated.
It should be called only if disabled or readonly attribute is updated.
(WebCore::HTMLFormControlElement::disabledAttributeChanged):
Add setNeedsWillValidateCheck(). It was moved from parseAttribute().
(WebCore::HTMLFormControlElement::insertedInto):
Invalidate ancestor information.
(WebCore::HTMLFormControlElement::recalcWillValidate):
Use disabled() instead of m_disabled. disabled() takes care of
ancestor's disabled state.

(WebCore::HTMLFormCollection::formControlElements):
Added support for HTMLFieldSetElement, based on base element type gets its associated elements.
(WebCore::HTMLFormCollection::numberOfFormControlElements): Ditto
(WebCore::HTMLFormCollection::getNamedFormItem): Process image elements only for form element.
(WebCore::HTMLFormCollection::updateNameCache): Ditto

html/RadioNodeList.cpp:

(WebCore::RadioNodeList::RadioNodeList):
DynamicSubTree root element is decided based on the type whether base element is form or fieldset element.
Renamed m_formElement to m_baseElement.
(WebCore::RadioNodeList::~RadioNodeList):
Renamed m_formElement to m_baseElement.
(WebCore::RadioNodeList::checkElementMatchesRadioNodeListFilter):
Form element specific changes moved under form element check.

RIM PR: 145660
Fixed a regression introduced by r111810, we should cancel the new
request when user press cancel button in http authentication challenge
dialog, and we should also allow sending empty username and password
with the request.
Also removed redundant codes which checked the existence of the
FrameLoaderClient pointer, as we've already moved authenticationChallenge()
out of class FrameLoaderClient, it is not needed.

RIM PR: 145660
Fixed a regression introduced by r111810, which used the wrong
credential object.

Added the interface function didReceivedAuthenticaitonChallenge()
in interface class DumpRenderTreeClient;
Called m_dumpRenderTree->didReceiveAuthenticationChallenge() in
WebPagePrivate::authenticationChallenge() when DRT is enabled.

Provide the TargetType when generating a favicon loading
request. Loading favicons is triggered after the main resource
has been loaded and parsed, so if we cancel the authentication
challenge when loading main resource, we should also cancel
loading the favicon when it starts to load. If not we will
receive another challenge after we canceled the main resource
loading, which may confuse the user.

This also fixes a small performance bug where CFA was not marking blocks
as having constants (and hence not triggering constant folding) if the only
constants were on GetLocals.

And fixing that bug revealed another bug: constant folding was assuming that
a GetLocal must be the first access to a local in a basic block. This isn't
true. The first access may be a Flush. This patch fixes that issue using the
safest approach possible, since we don't need to be clever for something that
only happens in one of our benchmarks.

This patch implements a number of improvements to filteredProperties:
1) Make the code more linearly readable by separating out handling of important and non-important properties.
2) Eliminate one BitArray instance (reduces hot memory so more cache friendly).
3) Remove O(n2) behavior caused by scanning for and removing previously encountered definitions of each property.
The key algorithmic change is to add properties in decreasing precedence:
a) Iterating once per (important, !important) so that important properties are visited first.
b) Reverse iteration of m_parsedProperties visits the properties in decreasing precedence.

Covered by loads of existing tests - getting CSS property precedence wrong results in too many errors to list.
In particular fast/css contains test cases for important corner cases like duplicated important properties.

css/CSSParser.cpp:

(WebCore::CSSParser::createStylePropertySet):

css/CSSProperty.h:

Add vector traits so that CSSProperty can just be memset by vector without calling constructor.

A check using canHaveGeneratedChildren() should cover not only
button and menulist, but also RenderTextControl.
This change pulles canHaveGeneratedChildren() up
from RenderDeprecatedFlexibleBox to RenderObject,
and lets RenderTextControl override it.

To support layers that have a "floating" appearance, i.e. don't change size
when the web page is drawn at a different scale, we add a new layer property
named "sizeIsScaleInvariant".

The anchor position will still be given in document coordinates for these
"floating" layers, so this is well suited for interface elements like selection
handles whose size is always the same but move with the web page contents.

Normally, layers are manipulated on the WebKit thread, and the changes are
synced to the compositing thread during the next accelerated compositing commit
operation.

However, for overlay layers the ability to manipulate layers on the compositing
thread is necessary for adequate user interface responsiveness.

Two mechanisms are added:

For a layer with a WebKit-thread counterpart, you can temporarily override

attributes or add animations whose output override attributes.

For a layer with no WebKit-thread counterpart, you can now directly set the

compositing thread values for attributes. If you attempt to do this for layers
that do have a WebKit-thread counterpart, the compositing thread values will
be overwritten at the time of the next commit, which makes the override
mechanism more useful there.

Introduce a LayerCompositingThreadClient that's used to fine tune the
behaviour of custom layers. Let the LayerTiler be a
LayerCompositingThreadClient and thus decouple it from
LayerCompositingThread. Adjust method signatures to allow a one-to-many
relationship between Client and Layer.

Remove the old LayerCompositingThread::drawCustom() in favour of this new
Client interface.

Add setJavaScriptProfilingEnabled() to window.internals.settings. No new tests, but this
change will allow more tests to run in WebKitTestRunner and DRT for ports that weren't
implementing this function before.
This patch also refactors InspectorController::enableProfiler() and
InspectorController::disableProfiler() to InspectorController::setProfilerEnabled(bool).

There will likely be compositing layers either due to web content or
due to overlays.

Defer initialization of OpenGL objects (i.e., delay creation of the
LayerRenderer object) until we actually need to draw and there are such
layers, to avoid initializing OpenGL in the unlikely case that there
are no compositing layers or overlay layers.

A crash would be seen in GuardedPointerBase::getWithGuardLocked when
attempting to unpickle and execute serialized call to setCompositor.

The problem was that the message had been created with a dangling
pointer as the target. The web page failed to inform its compositor
that it was being destroyed due to an early return in
WebPagePrivate::destroyCompositor.

The root cause was that a method called "destroyCompositor" was being
called in two situations, when navigating to a new page as well as when
actually deleting the web page. And in one case, we really only wanted
to free up some memory by clearing textures, while in the other case we
really did want to destroy the compositor.

Fixed by calling a method to release textures when that's what we want
to do, and calling a method to destroy the compositor when that's what
we want to do, and making that latter method unconditional.

We used to require the embedder to implement tap highlight drawing.
Now, a default tap highlight, implemented using the recently added
accelerated compositing overlay layer support, can be used instead.

The tap highlight appears instantly but fades out when hidden.

The default tap highlight can be overridden using the new
WebPage::setTapHighlight() method.

The overlay layer allows us to have compositing layers even though the
web page is not currently using accelerated compositing.

These layers can be used to implement tap highlight, inspector overlay
and more.

Source/WebCore:

The WebCore changes support the overlay layer functionality in WebKit
by making it possible to add animations from the compositing thread
without them being instantly overwritten during the next commit.

Also a new custom layer type is added, which allow an overlay layer to
draw itself using raw OpenGL calls. An instance of a custom subclass of
LayerCompositingThread must be provided when creating the
LayerWebKitThread. Then, the custom layer can be used as the content
layer of a GraphicsLayer, or by itself.

The new API allows the embedder to specify the root transform and many
OpenGL related parameters to be used when rendering the web page.

To honor the transform, we have to implement a way to composite the
BackingStore output using a generic transform. This method,
BackingStorePrivate::compositeContents(), uses a strategy that differs
from blitContents(), because that one is optimized for software
blitting, while this one is optimized for GPU rendering. Specifically,
instead of drawing the checkerboard first, and the rendered subregions
of the tile afterward, we draw the whole tile in one call, and then
draw checkered regions on top, if any.

Removed the blit generation condvar from the new code paths for drawing
BackingStore output using a transform, since the condvar is ineffective
in preventing flicker when we're not in charge of swapping the window.
Instead, another synchronization solution will be implemented in the
future.

Chromium Android builds were broken because v8 tried to compile files
for target with the "-m32" flag. This was caused by a v8 check falling
back to using "which g++" to find the right compiler, whereas it should
have used the $CXX_target environment variable. This isn't being set
for Android builds.

gyp_webkit: Set the CXX_target environment variable. Annotate the fix
with a FIXME comment too.

The if-statement to check whether the first entry of a certain letter
already exists in the index used .get(). The very first alphabetical
entry is in position "0", which evaluates to false, causing the first
entry to be ignored. Instead, use a "x not in y" check here.

Also update WebCore.gyp to list the create-html-entity-table script as
an input for the action, to make sure the table will be recreated.

Test: html5lib/resources/entities02.dat

WebCore.gyp/WebCore.gyp:

html/parser/create-html-entity-table:

LayoutTests:

Test that the (current) first alphabetical entity in the named entity
table (&AElig, without a semi-colon) renders as expected.

In function NetworkJob::startNewJobWithRequest, We should cancel the
NetworkJob first before we start a new NetworkJob which reuses the
resource handle of the old one. If we only set the m_handle = 0 of the
old NetworkJob without cancelling itself, it will still receives data
notification from network thread and handles the received data with
the released resource handler, which will cause the crash.

An intermediate C++ class is introduced that uses C++ template technique to control actual type
of its constructor argument.
All input parameters of type "int" now have type ExactlyInt.
All usage sites are fixed accordingly.

css/MediaQuery.cpp: Removed some comments that pointed to CSS documents.

There is no guarantee these links will be valid over time.
(WebCore::MediaQuery::MediaQuery): Rewrote for clarity, conventional WebKit coding
style, and simplicity.
(WebCore::MediaQuery::copy): Moved out of line; not performance critical, and this
allows us to cut down header dependencies.
(WebCore::MediaQuery::cssText): Updated for change to data member name.

"exprs". Changed expressions function to return a reference instead of
a pointer. Changed mediaType and cssText functions to return a reference. Renamed
m_serializationCache to m_serializedQuery. Moved copy function out of header.

Broke a FIXME into three and reworded for clarity.
(WebCore::MediaQueryEvaluator): Updated for name changes.
(WebCore::MediaQueryEvaluator::eval): Rewrote this for clarity and to regularize
the logic a bit.
(WebCore::aspect_ratioMediaFeatureEval): Got rid of a != 0 that is contrary to the
normal WebKit style.
(WebCore::device_aspect_ratioMediaFeatureEval): Ditto.
(WebCore::transform_3dMediaFeatureEval): Fixed mangled #if that was here.
(WebCore::view_modeMediaFeatureEval): Replaced UNUSED_PARAM usage with ASSERT_UNUSED.
(WebCore::createFunctionMap): Changed this so it returns the map so we can use a
cleaner style in the caller.
(WebCore::MediaQueryEvaluator::eval): Updated to take a reference and improved the
comments and coding style a bit.

css/StyleResolver.cpp: Moved the MediaQueryResult class into this file

and made it a structure rather than a class.
(WebCore::StyleResolver::addViewportDependentMediaQueryResult): Updated to take
a reference argument instead of a pointer and for the new vector type.
(WebCore::StyleResolver::affectedByViewportChange): Updated for above changes.

css/StyleResolver.h: Removed many unneeded includes and forward declarations of

classes, including now-unneeded include of MediaQueryExp.h. Replaced MediaQueryResult
definition with a forward declaration. Changed addViewportDependentMediaQueryResult
to take a reference instead of a pointer. Changed m_viewportDependentMediaQueryResults
to be a vector of values rather than of pointers.

(JSC::MarkedBlock::sweep): Sweep a block's weak set when sweeping the
block. The weak set may not have been swept yet, and this is our last
chance to run weak finalizers before we recycle the memory they reference.

The current implementation does not set event's target correctly
if an event happens on DOM tree with multiple shadow roots. So
this patch updates an event re-targeting algorithm so that it
works even if it is applied to multiple shadow roots.

(MainResourceLoader):
-Add the OVERRIDE keyword for the methods inherited from ResourceLoader.
-Remove the useless declaration of handleDataLoad(ResourceRequest&), this method does not exist.
-Rename handleDataLoadNow() to handleSubstituteDataLoadNow() and make the method private. This should

only be used by handleSubstituteDataLoadSoon() and indirectly through the timer.

Building with clang requires at least the -fPIC option being
passed correctly, just like it is needed with gcc. clang is also
compatible with most of gcc's compiler options, so we only need to
check for clang besides g++ in the macro definition.

Source/cmake/WebKitHelpers.cmake: Check for "Clang" and use

CMAKE_COMPILER_IS_GNUCXX for the previous check, as it is shorter
and achieves the same effect.

Factor out strings into a const char* array, and use a StringBuilder instead of String concatenation.
This will allow future code to re-use the array of transform names, and StringBuilder is generally faster.

Modifying to check() to dump expected and actual text at the same
absolute position, because DumpRenderTree dumps absolute x,y-position
information for a layer which contains RenderVideo. For example,
backgroundClip at (8,163), clip at (8, 163) and so on.

Previously, there was a shortcut when a deferred MainResourceLoader is resumed: If the data
was coming from AppCache we could jump directly to startDataLoadTimer().

The problem with the shortcut is willSendRequest() is never called in that particular case
(substituteData + deferred-resume). The imbalance between willSendRequest() and didReceiveResponse()
causes problems.

This patch removes the shortcut so that MainResourceLoader::loadNow() is used regardless of
the deferred loading. The method MainResourceLoader::loadNow() handle the substituteData as if the loading
was not deferred.

Test: http/tests/appcache/load-from-appcache-defer-resume-crash.html

loader/MainResourceLoader.cpp:

(WebCore::MainResourceLoader::continueAfterNavigationPolicy):
(WebCore::MainResourceLoader::handleSubstituteDataLoadSoon):
Rename the method to be consistent with the attribute it uses, making the naming more explicit.
(WebCore::MainResourceLoader::loadNow):
(WebCore::MainResourceLoader::setDefersLoading):

loader/MainResourceLoader.h:

(MainResourceLoader):

Tools:

Extend DumpRenderTree to support loading the main resource deferred with a delay. This makes it
possible to test pages in a similar way as they are loaded in Browsers.

The old rule "filename": r".*mathml" works fine because "filename" is a prefix match,
but if this changed the rule would be slow. We protect against this, clarify the rule,
and make it more similar to existing rules.

There are many scenarios that can call render and cause tile access,
and they used to be rerouted to the direct rendering code when the
backing store was not active. This was thanks to an implicit check for
isActive() by virtue of calling shouldDirectRenderingToWindow() from
render().

If we're using OpenGL for compositing the backing store contents
however, direct rendering is always disabled and we jump right into the
tile based rendering code.

Fixed by adding an explicit check for isActive() in render(), now that
the implicit check in shouldDirectRenderingToWindow() is conditional on
having raster usage.

Since PR136381/bug83131, when OpenGL compositing is used, and the
backing store is not active, it is not in charge of drawing the root
layer. Instead, we switch off the paintingGoesToWindow flag on the root
RenderLayer so no invalidates will reach the ChromeClient or the
BackingStore any more. Instead, invalidations will cause the root
accelerated compositing layer to be repainted. Any BackingStore render
calls while in this state are pointless, and can safely do an early
return.

Clicking such a link opens a new tab. The compositor was briefly in
charge of drawing the root layer while the backing store was inactive
and the user was looking at the other tab. The problem was that the
compositor believed it was still painting the root layer even after the
backing store became active again. The flag was not properly cleared
when turning off compositing.

Fixed by returning false from drawsRootLayer() if we don't have a root
layer.

From Spec: ​http://www.w3.org/TR/FileAPI/#dfn-progress-event
One progress event will fire when blob has been completely read into memory.
Firefox, Opera and IE follows the spec.
Webkit based browser doesn't do that, it only fires progress event at interval of 50ms.
WebKit should add the behavior to make the conformance with the spec.

From Spec: ​http://www.w3.org/TR/FileAPI/#filedata-attr
Before read method has been called or an error in reading has occurred,
the result attribute should be null, not empty string.
WebKit should change the returned value empty string into null to keep
conformance with the spec.

The slow script will now be cancelled when the script element is removed from the document.
Without waitUntilDone(), LayoutTestController will immediately end the test upon cancellation
of the last resource.

RenderInline::offsetFromContainer() set offsetDependsOnPoint to true based
on the container's flipped writing mode. However, offsetFromContainer() would
then overwrite that, since it only checked for columns.

Fix by having RenderInline::offsetFromContainer() check for flipping on
the container. This fixes the assertion.

The new testcase exercises fixes another issue; unlike mapLocalToAbsolute(),
RenderGeometryMap::absoluteRect() didn't pass the rect center point through
the mapping, which resulted in a different result in some flipping cases.

(JSC::WeakBlock::finalize): Since we don't guarantee destruction order,
it's not valid to access GC pointers like the Structure pointer during
finalization. We NULL out the structure pointer in debug builds to try
to make this programming mistake more obvious.

(WebKit::BuiltInPDFView::wantsWheelEvents): Return true instead of false and delete
misleading comment. While the built-in PDF view would get added to the set of scrollable
areas anyway, there are some code paths that check wantsWheelEvents explicitly, so it seems
necessary to reutrn true.

Hit testing used to use temporary clip rects in composited documents,
until r118562. Now that we cache clip rects for hit testing, we need
to clear the cache on descendant layers when a layer gains or loses
a transform.

fakeMouseEventTimerFired() uses the last known mouse position for the fake mouse event, but
calls contentsToScreen() to compute a corresponding position in screen coordinates. Avoid
this by also recording the last known mouse position in screen coordinates, and using that
value.

The ImageGStreamerCG abstraction is being removed until I manage to
port my gst-mac WebKit branch over to the WebKit2 mac port. No
need to update the XCode project because this file is not
referenced there anyway.

Stop relying on updateFromElement() - instead rely on addChild/removeChild, which
allows us to optimize the resources re-fetching. When a child is added to the tree
we don't need to remove existing resources from the SVGResourcesCache - the renderer
can't be in the cache yet. Similary, remove the entry from the cache earlier: as soon
as the renderer is removed from the tree, instead of waiting for willBeDestroyed().